CVE-2026-46153

MEDIUM

8021q: delete cleared egress QoS mappings

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlan_dev_set_egress_priority() currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping nodes until device teardown and leak memory. Delete mappings when vlan_prio is cleared instead of keeping tombstones. Now that the egress mapping lists are RCU protected, the node can be unlinked safely and freed after a grace period.

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 1.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (10)
linux/Kernel 2.6.12 - 7.0.7linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 7dddc74af369478ba7f9bc136d0fc1dc4570cb66
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - a52e122c9e4d56ad9a03b32c915a199276d989c3
Linux/Linux 2.6.12
Linux/Linux 7.0.7 - 7.0.*
Linux/Linux 7.1
Linux/Linux 7.1-rc1
linux/linux_kernel 2.6.12 (5 CPE variants)
linux/linux_kernel 2.6.12.1 - 7.0.7
Published May 28, 2026
Tracked Since May 28, 2026